CVE-2020-23754
CRITICAL EPSS 72.0%
Published Nov 2, 2021 4y ago · Modified Jun 17, 2026 2w ago
9.6 CVSS 3.1
Description
Cross-Site Scripting (XSS) vulnerability in infusions/member_poll_panel/poll_admin.php in PHP-Fusion 9.03.50 allows attackers to execute arbitrary code via the polls feature.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction Required
Scope Changed
Confidentiality High
Integrity High
Availability High
Threat Intelligence
EPSS Exploit Probability
72.0% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-79 Cross-site Scripting Injection
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| php-fusion | phpfusion | 9.03.50 | any |
References 3
- github.com https://github.com/php-fusion/PHP-Fusion/issues/2315
- user-images.githubusercontent.com https://user-images.githubusercontent.com/62001260/81574006-6fb70480-93cf-11ea-814c-55a96d2fe95e.PNG
- user-images.githubusercontent.com https://user-images.githubusercontent.com/62001260/81574112-9412e100-93cf-11ea-9493-615a70162034.PNG
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.